<?php require("sessionStart.php");




// Download folder.
define('ROOT_DIRECTORY','../Clients/'.$_SESSION['ClientID'].'/downloads/');

// DO you want to keep log downloads
define('LOG_FOR-DOWNLOADS',true);

// log file name
define('LOG_FILE-NAME','../Clients/'.$_SESSION['ClientID'].'/downloads/downloads.log');



// no limit time out for the script execution
set_time_limit(0);




// Get real file name.
// Remove any path info to avoid hacking by adding relative path, etc.
$fname = basename($_GET['fileName']);

// Check if the file exists
// Check in subfolders too
function find_file ($directoryName, $fname, &$fileName_path) {

  $dir = opendir($directoryName);

  while ($fileName = readdir($dir)) {
    if (empty($fileName_path) && $fileName != '.' && $fileName != '..') {
      if (is_dir($directoryName.'/'.$fileName)) {
        find_file($directoryName.'/'.$fileName, $fname, $fileName_path);
      }
      else {
        if (file_exists($directoryName.'/'.$fname)) {
          $fileName_path = $directoryName.'/'.$fname;
          return;
        }
      }
    }
  }

} // find_file

// get full file path (including subfolders)
$fileName_path = '';
find_file(ROOT_DIRECTORY, $fname, $fileName_path);


// file size in bytes
$fsize = filesize($fileName_path); 

// file extension
$fext = strtolower(substr(strrchr($fname,"."),1));



// get mime type
if ($allowed_ext[$fext] == '') {
  $mtype = '';
  // mime type is not set, get from server settings
  if (function_exists('mime_content_type')) {
    $mtype = mime_content_type($fileName_path);
  }
  else if (function_exists('finfo_file')) {
    $finfo = finfo_open(FILEINFO_MIME); 
    $mtype = finfo_file($finfo, $fileName_path);
    finfo_close($finfo);  
  }
  if ($mtype == '') {
    $mtype = "application/force-download";
  }
}


// Browser will try to save file with this filename, regardless original filename.
// You can override it if needed.

if (!isset($_GET['fc']) || empty($_GET['fc'])) {
  $asfname = $fname;
}
else {
  // remove some bad chars
  $asfname = str_replace(array('"',"'",'\\','/'), '', $_GET['fc']);
  if ($asfname === '') $asfname = 'NoName';
}

// set headers
header("Pragma: public");
header("Expires: 0");
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
header("Cache-Control: public");
header("Content-Description: File Transfer");
header("Content-Type: $mtype");
header("Content-Disposition: attachment; filename=\"$asfname\"");
header("Content-Transfer-Encoding: binary");
header("Content-Length: " . $fsize);

// download
// @readfile($fileName_path);
$fileName = @fopen($fileName_path,"rb");
if ($fileName) {
  while(!feof($fileName)) {
    print(fread($fileName, 1024*8));
    flush();
    if (connection_status()!=0) {
      @fclose($fileName);
      die();
    }
  }
  @fclose($fileName);
}

// log downloads
if (!LOG_FOR-DOWNLOADS) die();

$f = @fopen(LOG_FILE-NAME, 'a+');
if ($f) {
  @fputs($f, date("m.d.Y g:ia")."  ".$_SERVER['REMOTE_ADDR']."  ".$fname."\n");
  @fclose($f);
}


?>
